The branch main has been updated by ngie: URL: https://cgit.FreeBSD.org/src/commit/?id=e6c8997a8958c7aaec8e266d2eeefbfaa137e218
commit e6c8997a8958c7aaec8e266d2eeefbfaa137e218
Author: Enji Cooper <[email protected]>
AuthorDate: 2026-02-01 17:05:55 +0000
Commit: Enji Cooper <[email protected]>
CommitDate: 2026-02-01 17:05:55 +0000
OpenSSL: commit sys/crypto changes for 3.5.5
These files were changed as part of the 3.5.4 -> 3.5.5 upgrade. Please see the upstream release notes linked in 1731fc70f7344af08db49b06c63c963fa12ee354, et al, for more details.
MFC after: 6 days
MFC with: 1731fc70f7344af08db49b06c63c963fa12ee354
Fixes: 1731fc70f7344af08d ("OpenSSL: update vendor sources to match 3.5.5 content")
---
sys/crypto/openssl/aarch64/vpsm4_ex-armv8.S | 14 +-
sys/crypto/openssl/arm_arch.h | 369 +++--
sys/crypto/openssl/powerpc/aes-gcm-ppc.S | 2118 +++++++++++--------------
sys/crypto/openssl/powerpc64/aes-gcm-ppc.S | 2119 +++++++++++---------------
sys/crypto/openssl/powerpc64le/aes-gcm-ppc.S | 2119 +++++++++++---------------
5 files changed, 2850 insertions(+), 3889 deletions(-)
diff --git a/sys/crypto/openssl/aarch64/vpsm4_ex-armv8.S b/sys/crypto/openssl/aarch64/vpsm4_ex-armv8.S
index 5627d6d1c6b4..b8c728e68683 100644
--- a/sys/crypto/openssl/aarch64/vpsm4_ex-armv8.S
+++ b/sys/crypto/openssl/aarch64/vpsm4_ex-armv8.S
@@ -1,5 +1,5 @@ /* Do not modify. This file is auto-generated from vpsm4_ex-armv8.pl. */ -// Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved. +// Copyright 2022-2026 The OpenSSL Project Authors. All Rights Reserved. // // Licensed under the Apache License 2.0 (the "License"). You may not use // this file except in compliance with the License. You can obtain a copy
@@ -35,13 +35,25 @@ _vpsm4_ex_consts: .Lshuffles: .quad 0x0B0A090807060504,0x030201000F0E0D0C .Lxts_magic: +#ifndef __AARCH64EB__ .quad 0x0101010101010187,0x0101010101010101 +#else +.quad 0x0101010101010101,0x0101010101010187 +#endif .Lsbox_magic: +#ifndef __AARCH64EB__ .quad 0x0b0e0104070a0d00,0x0306090c0f020508 .quad 0x62185a2042387a00,0x22581a6002783a40 .quad 0x15df62a89e54e923,0xc10bb67c4a803df7 .quad 0xb9aa6b78c1d21300,0x1407c6d56c7fbead .quad 0x6404462679195b3b,0xe383c1a1fe9edcbc +#else +.quad 0x0306090c0f020508,0x0b0e0104070a0d00 +.quad 0x22581a6002783a40,0x62185a2042387a00 +.quad 0xc10bb67c4a803df7,0x15df62a89e54e923 +.quad 0x1407c6d56c7fbead,0xb9aa6b78c1d21300 +.quad 0xe383c1a1fe9edcbc,0x6404462679195b3b +#endif .quad 0x0f0f0f0f0f0f0f0f,0x0f0f0f0f0f0f0f0f .size _vpsm4_ex_consts,.-_vpsm4_ex_consts
diff --git a/sys/crypto/openssl/arm_arch.h b/sys/crypto/openssl/arm_arch.h
index acd8aee4d519..d570d1eba6c1 100644
--- a/sys/crypto/openssl/arm_arch.h
+++ b/sys/crypto/openssl/arm_arch.h
@@ -8,87 +8,80 @@
 */
 #ifndef OSSL_CRYPTO_ARM_ARCH_H
-# define OSSL_CRYPTO_ARM_ARCH_H
-
-# if !defined(__ARM_ARCH__)
-# if defined(__CC_ARM)
-# define __ARM_ARCH__ __TARGET_ARCH_ARM
-# if defined(__BIG_ENDIAN)
-# define __ARMEB__
-# else
-# define __ARMEL__
-# endif
-# elif defined(__GNUC__)
-# if defined(__aarch64__)
-# define __ARM_ARCH__ 8
- /*
- * Why doesn't gcc define __ARM_ARCH__? Instead it defines
- * bunch of below macros. See all_architectures[] table in
- * gcc/config/arm/arm.c. On a side note it defines
- * __ARMEL__/__ARMEB__ for little-/big-endian.
- */
-# elif defined(__ARM_ARCH)
-# define __ARM_ARCH__ __ARM_ARCH
-# elif defined(__ARM_ARCH_8A__)
-# define __ARM_ARCH__ 8
-# elif defined(__ARM_ARCH_7__) || defined(__ARM_ARCH_7A__) || \
- defined(__ARM_ARCH_7R__)|| defined(__ARM_ARCH_7M__) || \
- defined(__ARM_ARCH_7EM__)
-# define __ARM_ARCH__ 7
-# elif defined(__ARM_ARCH_6__) || defined(__ARM_ARCH_6J__) || \
- defined(__ARM_ARCH_6K__)|| defined(__ARM_ARCH_6M__) || \
- defined(__ARM_ARCH_6Z__)|| defined(__ARM_ARCH_6ZK__) || \
- defined(__ARM_ARCH_6T2__)
-# define __ARM_ARCH__ 6
-# elif defined(__ARM_ARCH_5__) || defined(__ARM_ARCH_5T__) || \
- defined(__ARM_ARCH_5E__)|| defined(__ARM_ARCH_5TE__) || \
- defined(__ARM_ARCH_5TEJ__)
-# define __ARM_ARCH__ 5
-# elif defined(__ARM_ARCH_4__) || defined(__ARM_ARCH_4T__)
-# define __ARM_ARCH__ 4
-# else
-# error "unsupported ARM architecture"
-# endif
-# elif defined(__ARM_ARCH)
-# define __ARM_ARCH__ __ARM_ARCH
-# endif
-# endif
-
-# if !defined(__ARM_MAX_ARCH__)
-# define __ARM_MAX_ARCH__ __ARM_ARCH__
-# endif
-
-# if __ARM_MAX_ARCH__<__ARM_ARCH__
-# error "__ARM_MAX_ARCH__ can't be less than __ARM_ARCH__"
-# elif __ARM_MAX_ARCH__!=__ARM_ARCH__
-# if __ARM_ARCH__<7 && __ARM_MAX_ARCH__>=7 && defined(__ARMEB__)
-# error "can't build universal big-endian binary"
-# endif
-# endif
-
-# ifndef __ASSEMBLER__
+#define OSSL_CRYPTO_ARM_ARCH_H
+
+#if !defined(__ARM_ARCH__)
+#if defined(__CC_ARM)
+#define __ARM_ARCH__ __TARGET_ARCH_ARM
+#if defined(__BIG_ENDIAN)
+#define __ARMEB__
+#else
+#define __ARMEL__
+#endif
+#elif defined(__GNUC__)
+#if defined(__aarch64__)
+#define __ARM_ARCH__ 8
+/*
+ * Why doesn't gcc define __ARM_ARCH__? Instead it defines
+ * bunch of below macros. See all_architectures[] table in
+ * gcc/config/arm/arm.c. On a side note it defines
+ * __ARMEL__/__ARMEB__ for little-/big-endian.
+ */
+#elif defined(__ARM_ARCH)
+#define __ARM_ARCH__ __ARM_ARCH
+#elif defined(__ARM_ARCH_8A__)
+#define __ARM_ARCH__ 8
+#elif defined(__ARM_ARCH_7__) || defined(__ARM_ARCH_7A__) || defined(__ARM_ARCH_7R__) || defined(__ARM_ARCH_7M__) || defined(__ARM_ARCH_7EM__)
+#define __ARM_ARCH__ 7
+#elif defined(__ARM_ARCH_6__) || defined(__ARM_ARCH_6J__) || defined(__ARM_ARCH_6K__) || defined(__ARM_ARCH_6M__) || defined(__ARM_ARCH_6Z__) || defined(__ARM_ARCH_6ZK__) || defined(__ARM_ARCH_6T2__)
+#define __ARM_ARCH__ 6
+#elif defined(__ARM_ARCH_5__) || defined(__ARM_ARCH_5T__) || defined(__ARM_ARCH_5E__) || defined(__ARM_ARCH_5TE__) || defined(__ARM_ARCH_5TEJ__)
+#define __ARM_ARCH__ 5
+#elif defined(__ARM_ARCH_4__) || defined(__ARM_ARCH_4T__)
+#define __ARM_ARCH__ 4
+#else
+#error "unsupported ARM architecture"
+#endif
+#elif defined(__ARM_ARCH)
+#define __ARM_ARCH__ __ARM_ARCH
+#endif
+#endif
+
+#if !defined(__ARM_MAX_ARCH__)
+#define __ARM_MAX_ARCH__ __ARM_ARCH__
+#endif
+
+#if __ARM_MAX_ARCH__ < __ARM_ARCH__
+#error "__ARM_MAX_ARCH__ can't be less than __ARM_ARCH__"
+#elif __ARM_MAX_ARCH__ != __ARM_ARCH__
+#if __ARM_ARCH__ < 7 && __ARM_MAX_ARCH__ >= 7 && defined(__ARMEB__)
+#error "can't build universal big-endian binary"
+#endif
+#endif
+
+#ifndef __ASSEMBLER__
 extern unsigned int OPENSSL_armcap_P;
 extern unsigned int OPENSSL_arm_midr;
 extern unsigned int OPENSSL_armv8_rsa_neonized;
-# endif
-
-# define ARMV7_NEON (1<<0)
-# define ARMV7_TICK (1<<1)
-# define ARMV8_AES (1<<2)
-# define ARMV8_SHA1 (1<<3)
-# define ARMV8_SHA256 (1<<4)
-# define ARMV8_PMULL (1<<5)
-# define ARMV8_SHA512 (1<<6)
-# define ARMV8_CPUID (1<<7)
-# define ARMV8_RNG (1<<8)
-# define ARMV8_SM3 (1<<9)
-# define ARMV8_SM4 (1<<10)
-# define ARMV8_SHA3 (1<<11)
-# define ARMV8_UNROLL8_EOR3 (1<<12)
-# define ARMV8_SVE (1<<13)
-# define ARMV8_SVE2 (1<<14)
-# define ARMV8_HAVE_SHA3_AND_WORTH_USING (1<<15)
-# define ARMV8_UNROLL12_EOR3 (1<<16)
+#endif
+
+#define ARMV7_NEON (1 << 0)
+#define ARMV7_TICK (1 << 1)
+#define ARMV8_AES (1 << 2)
+#define ARMV8_SHA1 (1 << 3)
+#define ARMV8_SHA256 (1 << 4)
+#define ARMV8_PMULL (1 << 5)
+#define ARMV8_SHA512 (1 << 6)
+#define ARMV8_CPUID (1 << 7)
+#define ARMV8_RNG (1 << 8)
+#define ARMV8_SM3 (1 << 9)
+#define ARMV8_SM4 (1 << 10)
+#define ARMV8_SHA3 (1 << 11)
+#define ARMV8_UNROLL8_EOR3 (1 << 12)
+#define ARMV8_SVE (1 << 13)
+#define ARMV8_SVE2 (1 << 14)
+#define ARMV8_HAVE_SHA3_AND_WORTH_USING (1 << 15)
+#define ARMV8_UNROLL12_EOR3 (1 << 16)
 /*
 * MIDR_EL1 system register
@@ -100,120 +93,116 @@ extern unsigned int OPENSSL_armv8_rsa_neonized;
 *
 */
-# define ARM_CPU_IMP_ARM 0x41
-# define HISI_CPU_IMP 0x48
-# define ARM_CPU_IMP_APPLE 0x61
-# define ARM_CPU_IMP_MICROSOFT 0x6D
-# define ARM_CPU_IMP_AMPERE 0xC0
-
-# define ARM_CPU_PART_CORTEX_A72 0xD08
-# define ARM_CPU_PART_N1 0xD0C
-# define ARM_CPU_PART_V1 0xD40
-# define ARM_CPU_PART_N2 0xD49
-# define HISI_CPU_PART_KP920 0xD01
-# define ARM_CPU_PART_V2 0xD4F
-
-# define APPLE_CPU_PART_M1_ICESTORM 0x022
-# define APPLE_CPU_PART_M1_FIRESTORM 0x023
-# define APPLE_CPU_PART_M1_ICESTORM_PRO 0x024
-# define APPLE_CPU_PART_M1_FIRESTORM_PRO 0x025
-# define APPLE_CPU_PART_M1_ICESTORM_MAX 0x028
-# define APPLE_CPU_PART_M1_FIRESTORM_MAX 0x029
-# define APPLE_CPU_PART_M2_BLIZZARD 0x032
-# define APPLE_CPU_PART_M2_AVALANCHE 0x033
-# define APPLE_CPU_PART_M2_BLIZZARD_PRO 0x034
-# define APPLE_CPU_PART_M2_AVALANCHE_PRO 0x035
-# define APPLE_CPU_PART_M2_BLIZZARD_MAX 0x038
-# define APPLE_CPU_PART_M2_AVALANCHE_MAX 0x039
-
-# define MICROSOFT_CPU_PART_COBALT_100 0xD49
-
-# define MIDR_PARTNUM_SHIFT 4
-# define MIDR_PARTNUM_MASK (0xfffU << MIDR_PARTNUM_SHIFT)
-# define MIDR_PARTNUM(midr) \
- (((midr) & MIDR_PARTNUM_MASK) >> MIDR_PARTNUM_SHIFT)
-
-# define MIDR_IMPLEMENTER_SHIFT 24
-# define MIDR_IMPLEMENTER_MASK (0xffU << MIDR_IMPLEMENTER_SHIFT)
-# define MIDR_IMPLEMENTER(midr) \
- (((midr) & MIDR_IMPLEMENTER_MASK) >> MIDR_IMPLEMENTER_SHIFT)
-
-# define MIDR_ARCHITECTURE_SHIFT 16
-# define MIDR_ARCHITECTURE_MASK (0xfU << MIDR_ARCHITECTURE_SHIFT)
-# define MIDR_ARCHITECTURE(midr) \
- (((midr) & MIDR_ARCHITECTURE_MASK) >> MIDR_ARCHITECTURE_SHIFT)
-
-# define MIDR_CPU_MODEL_MASK \
- (MIDR_IMPLEMENTER_MASK | \
- MIDR_PARTNUM_MASK | \
- MIDR_ARCHITECTURE_MASK)
-
-# define MIDR_CPU_MODEL(imp, partnum) \
- (((imp) << MIDR_IMPLEMENTER_SHIFT) | \
- (0xfU << MIDR_ARCHITECTURE_SHIFT) | \
- ((partnum) << MIDR_PARTNUM_SHIFT))
-
-# define MIDR_IS_CPU_MODEL(midr, imp, partnum) \
- (((midr) & MIDR_CPU_MODEL_MASK) == MIDR_CPU_MODEL(imp, partnum))
+#define ARM_CPU_IMP_ARM 0x41
+#define HISI_CPU_IMP 0x48
+#define ARM_CPU_IMP_APPLE 0x61
+#define ARM_CPU_IMP_MICROSOFT 0x6D
+#define ARM_CPU_IMP_AMPERE 0xC0
+
+#define ARM_CPU_PART_CORTEX_A72 0xD08
+#define ARM_CPU_PART_N1 0xD0C
+#define ARM_CPU_PART_V1 0xD40
+#define ARM_CPU_PART_N2 0xD49
+#define HISI_CPU_PART_KP920 0xD01
+#define ARM_CPU_PART_V2 0xD4F
+
+#define APPLE_CPU_PART_M1_ICESTORM 0x022
+#define APPLE_CPU_PART_M1_FIRESTORM 0x023
+#define APPLE_CPU_PART_M1_ICESTORM_PRO 0x024
+#define APPLE_CPU_PART_M1_FIRESTORM_PRO 0x025
+#define APPLE_CPU_PART_M1_ICESTORM_MAX 0x028
+#define APPLE_CPU_PART_M1_FIRESTORM_MAX 0x029
+#define APPLE_CPU_PART_M2_BLIZZARD 0x032
+#define APPLE_CPU_PART_M2_AVALANCHE 0x033
+#define APPLE_CPU_PART_M2_BLIZZARD_PRO 0x034
+#define APPLE_CPU_PART_M2_AVALANCHE_PRO 0x035
+#define APPLE_CPU_PART_M2_BLIZZARD_MAX 0x038
+#define APPLE_CPU_PART_M2_AVALANCHE_MAX 0x039
+
+#define MICROSOFT_CPU_PART_COBALT_100 0xD49
+
+#define MIDR_PARTNUM_SHIFT 4
+#define MIDR_PARTNUM_MASK (0xfffU << MIDR_PARTNUM_SHIFT)
+#define MIDR_PARTNUM(midr) \
+ (((midr) & MIDR_PARTNUM_MASK) >> MIDR_PARTNUM_SHIFT)
+
+#define MIDR_IMPLEMENTER_SHIFT 24
+#define MIDR_IMPLEMENTER_MASK (0xffU << MIDR_IMPLEMENTER_SHIFT)
+#define MIDR_IMPLEMENTER(midr) \
+ (((midr) & MIDR_IMPLEMENTER_MASK) >> MIDR_IMPLEMENTER_SHIFT)
+
+#define MIDR_ARCHITECTURE_SHIFT 16
+#define MIDR_ARCHITECTURE_MASK (0xfU << MIDR_ARCHITECTURE_SHIFT)
+#define MIDR_ARCHITECTURE(midr) \
+ (((midr) & MIDR_ARCHITECTURE_MASK) >> MIDR_ARCHITECTURE_SHIFT)
+
+#define MIDR_CPU_MODEL_MASK \
+ (MIDR_IMPLEMENTER_MASK | MIDR_PARTNUM_MASK | MIDR_ARCHITECTURE_MASK)
+
+#define MIDR_CPU_MODEL(imp, partnum) \
+ (((imp) << MIDR_IMPLEMENTER_SHIFT) | (0xfU << MIDR_ARCHITECTURE_SHIFT) | ((partnum) << MIDR_PARTNUM_SHIFT))
+
+#define MIDR_IS_CPU_MODEL(midr, imp, partnum) \
+ (((midr) & MIDR_CPU_MODEL_MASK) == MIDR_CPU_MODEL(imp, partnum))
 #if defined(__ASSEMBLER__)
- /*
- * Support macros for
- * - Armv8.3-A Pointer Authentication and
- * - Armv8.5-A Branch Target Identification
- * features which require emitting a .note.gnu.property section with the
- * appropriate architecture-dependent feature bits set.
- * Read more: "ELF for the ArmĀ® 64-bit Architecture"
- */
-
-# if defined(__ARM_FEATURE_BTI_DEFAULT) && __ARM_FEATURE_BTI_DEFAULT == 1
-# define GNU_PROPERTY_AARCH64_BTI (1 << 0) /* Has Branch Target Identification */
-# define AARCH64_VALID_CALL_TARGET hint #34 /* BTI 'c' */
-# else
-# define GNU_PROPERTY_AARCH64_BTI 0 /* No Branch Target Identification */
-# define AARCH64_VALID_CALL_TARGET
-# endif
-
-# if defined(__ARM_FEATURE_PAC_DEFAULT) && \
- (__ARM_FEATURE_PAC_DEFAULT & 1) == 1 /* Signed with A-key */
-# define GNU_PROPERTY_AARCH64_POINTER_AUTH \
- (1 << 1) /* Has Pointer Authentication */
-# define AARCH64_SIGN_LINK_REGISTER hint #25 /* PACIASP */
-# define AARCH64_VALIDATE_LINK_REGISTER hint #29 /* AUTIASP */
-# elif defined(__ARM_FEATURE_PAC_DEFAULT) && \
- (__ARM_FEATURE_PAC_DEFAULT & 2) == 2 /* Signed with B-key */
-# define GNU_PROPERTY_AARCH64_POINTER_AUTH \
- (1 << 1) /* Has Pointer Authentication */
-# define AARCH64_SIGN_LINK_REGISTER hint #27 /* PACIBSP */
-# define AARCH64_VALIDATE_LINK_REGISTER hint #31 /* AUTIBSP */
-# else
-# define GNU_PROPERTY_AARCH64_POINTER_AUTH 0 /* No Pointer Authentication */
-# if GNU_PROPERTY_AARCH64_BTI != 0
-# define AARCH64_SIGN_LINK_REGISTER AARCH64_VALID_CALL_TARGET
-# else
-# define AARCH64_SIGN_LINK_REGISTER
-# endif
-# define AARCH64_VALIDATE_LINK_REGISTER
-# endif
-
-# if GNU_PROPERTY_AARCH64_POINTER_AUTH != 0 || GNU_PROPERTY_AARCH64_BTI != 0
- .pushsection .note.gnu.property, "a";
- .balign 8;
- .long 4;
- .long 0x10;
- .long 0x5;
- .asciz "GNU";
- .long 0xc0000000; /* GNU_PROPERTY_AARCH64_FEATURE_1_AND */
- .long 4;
- .long (GNU_PROPERTY_AARCH64_POINTER_AUTH | GNU_PROPERTY_AARCH64_BTI);
- .long 0;
- .popsection;
-# endif
-
-# endif /* defined __ASSEMBLER__ */
-
-# define IS_CPU_SUPPORT_UNROLL8_EOR3() \
- (OPENSSL_armcap_P & ARMV8_UNROLL8_EOR3)
+/*
+ * Support macros for
+ * - Armv8.3-A Pointer Authentication and
+ * - Armv8.5-A Branch Target Identification
+ * features which require emitting a .note.gnu.property section with the
+ * appropriate architecture-dependent feature bits set.
+ * Read more: "ELF for the ArmĀ® 64-bit Architecture"
+ */
+
+#if defined(__ARM_FEATURE_BTI_DEFAULT) && __ARM_FEATURE_BTI_DEFAULT == 1
+#define GNU_PROPERTY_AARCH64_BTI (1 << 0) /* Has Branch Target Identification */
+#define AARCH64_VALID_CALL_TARGET hint #34 /* BTI 'c' */
+#else
+#define GNU_PROPERTY_AARCH64_BTI 0 /* No Branch Target Identification */
+#define AARCH64_VALID_CALL_TARGET
+#endif
+
+#if defined(__ARM_FEATURE_PAC_DEFAULT) && (__ARM_FEATURE_PAC_DEFAULT & 1) == 1 /* Signed with A-key */
+#define GNU_PROPERTY_AARCH64_POINTER_AUTH \
+ (1 << 1) /* Has Pointer Authentication */
+#define AARCH64_SIGN_LINK_REGISTER hint #25 /* PACIASP */
+#define AARCH64_VALIDATE_LINK_REGISTER hint #29 /* AUTIASP */
+#elif defined(__ARM_FEATURE_PAC_DEFAULT) && (__ARM_FEATURE_PAC_DEFAULT & 2) == 2 /* Signed with B-key */
+#define GNU_PROPERTY_AARCH64_POINTER_AUTH \
+ (1 << 1) /* Has Pointer Authentication */
+#define AARCH64_SIGN_LINK_REGISTER hint #27 /* PACIBSP */
+#define AARCH64_VALIDATE_LINK_REGISTER hint #31 /* AUTIBSP */
+#else
+#define GNU_PROPERTY_AARCH64_POINTER_AUTH 0 /* No Pointer Authentication */
+#if GNU_PROPERTY_AARCH64_BTI != 0
+#define AARCH64_SIGN_LINK_REGISTER AARCH64_VALID_CALL_TARGET
+#else
+#define AARCH64_SIGN_LINK_REGISTER
+#endif
+#define AARCH64_VALIDATE_LINK_REGISTER
+#endif
+
+#if GNU_PROPERTY_AARCH64_POINTER_AUTH != 0 || GNU_PROPERTY_AARCH64_BTI != 0
+/* clang-format off */
+.pushsection .note.gnu.property, "a";
+/* clang-format on */
+.balign 8;
+.long 4;
+.long 0x10;
+.long 0x5;
+.asciz "GNU";
+.long 0xc0000000; /* GNU_PROPERTY_AARCH64_FEATURE_1_AND */
+.long 4;
+.long(GNU_PROPERTY_AARCH64_POINTER_AUTH | GNU_PROPERTY_AARCH64_BTI);
+.long 0;
+.popsection;
+#endif
+
+#endif /* defined __ASSEMBLER__ */
+
+#define IS_CPU_SUPPORT_UNROLL8_EOR3() \
+ (OPENSSL_armcap_P & ARMV8_UNROLL8_EOR3)
 #endif
diff --git a/sys/crypto/openssl/powerpc/aes-gcm-ppc.S b/sys/crypto/openssl/powerpc/aes-gcm-ppc.S
index 23a8feb24745..51cfac7e45fc 100644
--- a/sys/crypto/openssl/powerpc/aes-gcm-ppc.S
+++ b/sys/crypto/openssl/powerpc/aes-gcm-ppc.S
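Review bot: The `/* clang-format off */` guard in the `.note.gnu.property` block protects only the `.pushsection` line, and the formatter has already touched the directives below it — the old `.long (GNU_PROPERTY_AARCH64_POINTER_AUTH | GNU_PROPERTY_AARCH64_BTI);` is now `.long(...)` with the space dropped, as if it were a C call. As far as I can tell GNU as and LLVM's integrated assembler both accept that spelling, so this is a style and robustness point rather than a build break, but because the AArch64 feature bits in this note are AND-ed across all inputs at link time, any future mangling of this block could silently drop BTI/PAC marking from the final library rather than fail loudly. Moving `/* clang-format on */` to just after `.popsection;` keeps the whole note emission out of the formatter's reach. Separately, `ArmĀ®` in the comment above is a mis-encoded `Arm®` that was already present before this change and is carried over unchanged.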
@@ -1,531 +1,587 @@ /* Do not modify. This file is auto-generated from aes-gcm-ppc.pl. */ -.machine "any" +.machine "any" .text - - - - -.macro .Loop_aes_middle4x - xxlor 19+32, 1, 1 - xxlor 20+32, 2, 2 - xxlor 21+32, 3, 3 - xxlor 22+32, 4, 4 - - .long 0x11EF9D08 - .long 0x12109D08 - .long 0x12319D08 - .long 0x12529D08 - - .long 0x11EFA508 - .long 0x1210A508 - .long 0x1231A508 - .long 0x1252A508 - - .long 0x11EFAD08 - .long 0x1210AD08 - .long 0x1231AD08 - .long 0x1252AD08 - - .long 0x11EFB508 - .long 0x1210B508 - .long 0x1231B508 - .long 0x1252B508 - - xxlor 19+32, 5, 5 - xxlor 20+32, 6, 6 - xxlor 21+32, 7, 7 - xxlor 22+32, 8, 8 - - .long 0x11EF9D08 - .long 0x12109D08 - .long 0x12319D08 - .long 0x12529D08 - - .long 0x11EFA508 - .long 0x1210A508 - .long 0x1231A508 - .long 0x1252A508 - - .long 0x11EFAD08 - .long 0x1210AD08 - .long 0x1231AD08 - .long 0x1252AD08 - - .long 0x11EFB508 - .long 0x1210B508 - .long 0x1231B508 - .long 0x1252B508 - - xxlor 23+32, 9, 9 - .long 0x11EFBD08 - .long 0x1210BD08 - .long 0x1231BD08 - .long 0x1252BD08 -.endm - - - - - -.macro .Loop_aes_middle8x - xxlor 23+32, 1, 1 - xxlor 24+32, 2, 2 - xxlor 25+32, 3, 3 - xxlor 26+32, 4, 4 - - .long 0x11EFBD08 - .long 0x1210BD08 - .long 0x1231BD08 - .long 0x1252BD08 - .long 0x1273BD08 - .long 0x1294BD08 - .long 0x12B5BD08 - .long 0x12D6BD08 - - .long 0x11EFC508 - .long 0x1210C508 - .long 0x1231C508 - .long 0x1252C508 - .long 0x1273C508 - .long 0x1294C508 - .long 0x12B5C508 - .long 0x12D6C508 - - .long 0x11EFCD08 - .long 0x1210CD08 - .long 0x1231CD08 - .long 0x1252CD08 - .long 0x1273CD08 - .long 0x1294CD08 - .long 0x12B5CD08 - .long 0x12D6CD08 - - .long 0x11EFD508 - .long 0x1210D508 - .long 0x1231D508 - .long 0x1252D508 - .long 0x1273D508 - .long 0x1294D508 - .long 0x12B5D508 - .long 0x12D6D508 - - xxlor 23+32, 5, 5 - xxlor 24+32, 6, 6 - xxlor 25+32, 7, 7 - xxlor 26+32, 8, 8 - - .long 0x11EFBD08 - .long 0x1210BD08 - .long 0x1231BD08 - .long 0x1252BD08 - .long 0x1273BD08 - .long 0x1294BD08 - .long 
0x12B5BD08 - .long 0x12D6BD08 - - .long 0x11EFC508 - .long 0x1210C508 - .long 0x1231C508 - .long 0x1252C508 - .long 0x1273C508 - .long 0x1294C508 - .long 0x12B5C508 - .long 0x12D6C508 - - .long 0x11EFCD08 - .long 0x1210CD08 - .long 0x1231CD08 - .long 0x1252CD08 - .long 0x1273CD08 - .long 0x1294CD08 - .long 0x12B5CD08 - .long 0x12D6CD08 - - .long 0x11EFD508 - .long 0x1210D508 - .long 0x1231D508 - .long 0x1252D508 - .long 0x1273D508 - .long 0x1294D508 - .long 0x12B5D508 - .long 0x12D6D508 - - xxlor 23+32, 9, 9 - .long 0x11EFBD08 - .long 0x1210BD08 - .long 0x1231BD08 - .long 0x1252BD08 - .long 0x1273BD08 - .long 0x1294BD08 - .long 0x12B5BD08 - .long 0x12D6BD08 -.endm - - - - -ppc_aes_gcm_ghash: - vxor 15, 15, 0 - - xxlxor 29, 29, 29 - - .long 0x12EC7CC8 - .long 0x130984C8 - .long 0x13268CC8 - .long 0x134394C8 - - vxor 23, 23, 24 - vxor 23, 23, 25 - vxor 23, 23, 26 - - .long 0x130D7CC8 - .long 0x132A84C8 - .long 0x13478CC8 - .long 0x136494C8 - - vxor 24, 24, 25 - vxor 24, 24, 26 - vxor 24, 24, 27 - - - .long 0x139714C8 - - xxlor 29+32, 29, 29 - vsldoi 26, 24, 29, 8 - vsldoi 29, 29, 24, 8 - vxor 23, 23, 26 - - vsldoi 23, 23, 23, 8 - vxor 23, 23, 28 - - .long 0x130E7CC8 - .long 0x132B84C8 - .long 0x13488CC8 - .long 0x136594C8 - - vxor 24, 24, 25 - vxor 24, 24, 26 - vxor 24, 24, 27 - - vxor 24, 24, 29 - - - vsldoi 27, 23, 23, 8 - .long 0x12F714C8 - vxor 27, 27, 24 - vxor 23, 23, 27 - - xxlor 32, 23+32, 23+32 - - blr - - - - - -.macro ppc_aes_gcm_ghash2_4x - - vxor 15, 15, 0 - - xxlxor 29, 29, 29 - - .long 0x12EC7CC8 - .long 0x130984C8 - .long 0x13268CC8 - .long 0x134394C8 +.macro SAVE_REGS + mflr 0 + std 0, 16(1) + stdu 1,-512(1) + + std 14, 112(1) + std 15, 120(1) + std 16, 128(1) + std 17, 136(1) + std 18, 144(1) + std 19, 152(1) + std 20, 160(1) + std 21, 168(1) + std 22, 176(1) + std 23, 184(1) + std 24, 192(1) + + stxv 32+20, 256(1) + stxv 32+21, 256+16(1) + stxv 32+22, 256+32(1) + stxv 32+23, 256+48(1) + stxv 32+24, 256+64(1) + stxv 32+25, 256+80(1) + stxv 32+26, 
256+96(1) + stxv 32+27, 256+112(1) + stxv 32+28, 256+128(1) + stxv 32+29, 256+144(1) + stxv 32+30, 256+160(1) + stxv 32+31, 256+176(1) +.endm # SAVE_REGS + +.macro RESTORE_REGS + lxv 32+20, 256(1) + lxv 32+21, 256+16(1) + lxv 32+22, 256+32(1) + lxv 32+23, 256+48(1) + lxv 32+24, 256+64(1) + lxv 32+25, 256+80(1) + lxv 32+26, 256+96(1) + lxv 32+27, 256+112(1) + lxv 32+28, 256+128(1) + lxv 32+29, 256+144(1) + lxv 32+30, 256+160(1) + lxv 32+31, 256+176(1) + + ld 14, 112(1) + ld 15, 120(1) + ld 16, 128(1) + ld 17, 136(1) + ld 18, 144(1) + ld 19, 152(1) + ld 20, 160(1) + ld 21, 168(1) + ld 22, 176(1) + ld 23, 184(1) + ld 24, 192(1) + + addi 1, 1, 512 + ld 0, 16(1) + mtlr 0 +.endm # RESTORE_REGS + +# 4x loops +.macro AES_CIPHER_4x r + vcipher 15, 15, \r + vcipher 16, 16, \r + vcipher 17, 17, \r + vcipher 18, 18, \r +.endm + +# 8x loops +.macro AES_CIPHER_8x r + vcipher 15, 15, \r + vcipher 16, 16, \r + vcipher 17, 17, \r + vcipher 18, 18, \r + vcipher 19, 19, \r + vcipher 20, 20, \r + vcipher 21, 21, \r + vcipher 22, 22, \r +.endm + +.macro LOOP_8AES_STATE + AES_CIPHER_8x 23 + AES_CIPHER_8x 24 + AES_CIPHER_8x 25 + AES_CIPHER_8x 26 + AES_CIPHER_8x 27 + AES_CIPHER_8x 28 + AES_CIPHER_8x 29 + AES_CIPHER_8x 1 +.endm + +# +# PPC_GFMUL128_8x: Compute hash values of 8 blocks based on Karatsuba method. 
+# +# S1 should xor with the previous digest +# +# Xi = v0 +# H Poly = v2 +# Hash keys = v3 - v14 +# vs10: vpermxor vector +# Scratch: v23 - v29 +# +.macro PPC_GFMUL128_8x + + vpmsumd 23, 12, 15 # H4.L * X.L + vpmsumd 24, 9, 16 + vpmsumd 25, 6, 17 + vpmsumd 26, 3, 18 vxor 23, 23, 24 vxor 23, 23, 25 - vxor 23, 23, 26 - - .long 0x130D7CC8 - .long 0x132A84C8 - .long 0x13478CC8 - .long 0x136494C8 - - vxor 24, 24, 25 - vxor 24, 24, 26 - - - .long 0x139714C8 - - xxlor 29+32, 29, 29 - - vxor 24, 24, 27 - vsldoi 26, 24, 29, 8 - vsldoi 29, 29, 24, 8 - vxor 23, 23, 26 - - vsldoi 23, 23, 23, 8 - vxor 23, 23, 28 + vxor 23, 23, 26 # L - .long 0x130E7CC8 - .long 0x132B84C8 - .long 0x13488CC8 - .long 0x136594C8 + vpmsumd 27, 13, 15 # H4.L * X.H + H4.H * X.L + vpmsumd 28, 10, 16 # H3.L * X1.H + H3.H * X1.L + vpmsumd 25, 7, 17 + vpmsumd 26, 4, 18 + vxor 24, 27, 28 vxor 24, 24, 25 - vxor 24, 24, 26 - vxor 24, 24, 27 - - vxor 24, 24, 29 - - - vsldoi 27, 23, 23, 8 - .long 0x12F714C8 - vxor 27, 27, 24 - vxor 27, 23, 27 - - - .long 0x1309A4C8 - .long 0x1326ACC8 - .long 0x1343B4C8 - vxor 19, 19, 27 - .long 0x12EC9CC8 + vxor 24, 24, 26 # M + + vpmsumd 26, 14, 15 # H4.H * X.H + vpmsumd 27, 11, 16 + vpmsumd 28, 8, 17 + vpmsumd 29, 5, 18 + + vxor 26, 26, 27 + vxor 26, 26, 28 + vxor 26, 26, 29 + + # sum hash and reduction with H Poly + vpmsumd 28, 23, 2 # reduction + + vxor 1, 1, 1 + vsldoi 25, 24, 1, 8 # mL + vsldoi 1, 1, 24, 8 # mH + vxor 23, 23, 25 # mL + L + + # This performs swap and xor like, + # vsldoi 23, 23, 23, 8 # swap + # vxor 23, 23, 28 + xxlor 32+29, 10, 10 + vpermxor 23, 23, 28, 29 + + vxor 24, 26, 1 # H + + # sum hash and reduction with H Poly + # + # vsldoi 25, 23, 23, 8 # swap + # vpmsumd 23, 23, 2 + # vxor 27, 25, 24 + # + vpermxor 27, 23, 24, 29 + vpmsumd 23, 23, 2 + vxor 0, 23, 27 # Digest of 4 blocks + + vxor 19, 19, 0 + + # Compute digest for the next 4 blocks + vpmsumd 24, 9, 20 + vpmsumd 25, 6, 21 + vpmsumd 26, 3, 22 + vpmsumd 23, 12, 19 # H4.L * X.L vxor 23, 23, 24 
vxor 23, 23, 25 - vxor 23, 23, 26 + vxor 23, 23, 26 # L - .long 0x130D9CC8 - .long 0x132AA4C8 - .long 0x1347ACC8 - .long 0x1364B4C8 + vpmsumd 27, 13, 19 # H4.L * X.H + H4.H * X.L + vpmsumd 28, 10, 20 # H3.L * X1.H + H3.H * X1.L + vpmsumd 25, 7, 21 + vpmsumd 26, 4, 22 + vxor 24, 27, 28 vxor 24, 24, 25 - vxor 24, 24, 26 - - - .long 0x139714C8 - - xxlor 29+32, 29, 29 - - vxor 24, 24, 27 - vsldoi 26, 24, 29, 8 - vsldoi 29, 29, 24, 8 - vxor 23, 23, 26 - - vsldoi 23, 23, 23, 8 - vxor 23, 23, 28 - - .long 0x130E9CC8 - .long 0x132BA4C8 - .long 0x1348ACC8 - .long 0x1365B4C8 - - vxor 24, 24, 25 - vxor 24, 24, 26 - vxor 24, 24, 27 - - vxor 24, 24, 29 - - - vsldoi 27, 23, 23, 8 - .long 0x12F714C8 - vxor 27, 27, 24 - vxor 23, 23, 27 - - xxlor 32, 23+32, 23+32 - -.endm - - - - -.macro ppc_update_hash_1x - vxor 28, 28, 0 - - vxor 19, 19, 19 - - .long 0x12C3E4C8 - .long 0x12E4E4C8 - .long 0x1305E4C8 - - .long 0x137614C8 - - vsldoi 25, 23, 19, 8 - vsldoi 26, 19, 23, 8 - vxor 22, 22, 25 - vxor 24, 24, 26 - - vsldoi 22, 22, 22, 8 - vxor 22, 22, 27 - - vsldoi 20, 22, 22, 8 - .long 0x12D614C8 - vxor 20, 20, 24 - vxor 22, 22, 20 - *** 6149 LINES SKIPPED ***
